Technical Field
This disclosure relates generally to document or file management and, in particular, to techniques for enabling secure document or file transfer without requiring a sender and a recipient to have installed and managed special-purpose utilities.
Background of the Related Art
When moving a document across computer systems (e.g., using email, USB keys, infrared file transfer, and so forth) to share with another person, it is often desirable to impose some document protection mechanism to guard against interception threats, key thefts, and other events that may compromise the document's integrity. A common technique is to secure the content itself using encryption. In one simple approach, system-specific tools, such as email encryption functionality, add-on crypto programs (such as PGP, TrueCrypt or the like), or similar techniques are used to protect the document while in transit across a network. These approaches, while sufficient to secure the content, have limitations.
In particular, such techniques typically assume that the sender and receiver both have the same software (or, more generally, the same functionality) required to facilitate the encryption and associated decryption. As an example, a sender's email program may include a built-in message encryption function that assumes that the receiving user has the same email program, that both sender and recipient programs use public key certificates, that the receiving program uses security certificates that are appropriately cross-certified so that they can decrypt and view/use the received message (including the document), etc. Additionally, such programs typically provide “all or nothing” functionality in that they encrypt the entire message, including document attachments, as part of the email communication. This requirement may increase processing overhead, and it may be unnecessary or undesirable from the user's perspective.
Data leak protection (DLP) and compliance enforcement products attempt to address these requirements by providing encryption on documents as part of their movement through a system (including movement via email, instant messaging, physical copying to USB or CD, or other potential transfer mechanisms). This approach also requires that the DLP product be available at the receiving end of the transfer to decrypt the document so that it can be viewed by the recipient.
Thus, a significant drawback of these approaches is that they require the recipient to have equivalent and/or compatible software on his or her system. It is often the case that this requirement cannot be enforced, in which case the encrypted document cannot be viewed or otherwise used by the recipient.